IMBENJI.NET/waylume_server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add peer management routes and server configuration services

Browse Source
This commit is contained in:
ImBenji
2025-08-04 16:46:08 +01:00
parent 773d209733
commit f1470a789e
7 changed files with 437 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/config/supabase_config.dart Normal file
View File

@@ -0,0 +1,19 @@
import 'dart:io';
import 'package:dotenv/dotenv.dart';
import 'package:supabase/supabase.dart';
import 'package:waylume_server/core/utils.dart';
var env = DotEnv()..load();
dynamic fromEnivronment(String key) {
if (kIsRunningInDocker) {
return Platform.environment[key];
} else {
return env[key];
}
}
final SupabaseClient SUPABASE_CLIENT = SupabaseClient(
"https://lsdrctuvnwdrzrdyoqzu.supabase.co",
fromEnivronment('SUPABASE_KEY')!
);

29
lib/core/utils.dart Normal file
View File

@@ -0,0 +1,29 @@
import 'dart:convert';
import 'dart:io';
import 'package:http/http.dart' as http;
/// Get the current WAN IP address of the device.
Future<String> getWanIp() async {
// Get the IP address of the server. https://api.ipify.org?format=json
var ipResponse = await http.get(Uri.parse('https://api.ipify.org?format=json'));
if (ipResponse.statusCode == 200) {
var ipData = jsonDecode(ipResponse.body);
return ipData['ip'] as String;
} else {
throw Exception('Failed to get server IP address');
}
}
/// Check if Wireguard is installed on the system.
Future<bool> isWireguardInstalled() async {
try {
var result = await Process.run('wg', ['--version']);
return result.exitCode == 0;
} catch (e) {
print('Error checking WireGuard installation: $e');
return false;
}
}
bool get kIsRunningInDocker => File('/.dockerenv').existsSync();

30
lib/services/server_service.dart Normal file
View File

@@ -0,0 +1,30 @@
import 'dart:io';
import 'package:waylume_server/config/supabase_config.dart';
import 'package:waylume_server/core/utils.dart';
class ServerService {
static Future<void> registerServer() async {
String ip = await getWanIp();
var existsCheck = await SUPABASE_CLIENT
.from("waylume_servers")
.select()
.eq("id", fromEnivronment('SERVER_ID'))
.eq("host_ip", ip);
if (existsCheck.isEmpty) {
await SUPABASE_CLIENT
.from("waylume_servers")
.insert({
"id": fromEnivronment('SERVER_ID')!,
"last_heartbeat": DateTime.now().toUtc().toIso8601String(),
"host_ip": ip,
});
}
}
static Future<void> isolatePeers() async {
await Process.run('iptables', ['-I', 'FORWARD', '-i', 'wg0', '-o', 'wg0', '-j', 'DROP']);
await Process.run('iptables', ['-I', 'FORWARD', '-i', 'wg0', '-o', 'wg0', '-m', 'state', '--state', 'ESTABLISHED,RELATED', '-j', 'ACCEPT']);
}
}

35
lib/services/supabase_heartbeat.dart Normal file
View File

@@ -0,0 +1,35 @@
// Run a heartbeat to let supabase know that the client is still active.
import 'dart:io';
import 'dart:isolate';
import 'dart:math';
import 'package:supabase/supabase.dart';
import 'package:waylume_server/config/supabase_config.dart';
void initHeartbeat() {
// Run this on a separate thread.
Isolate.spawn((_) async {
// To avoid server deadlock
await Future.delayed(Duration(seconds: Random().nextInt(5)));
while (true) {
DateTime now = DateTime.now().toUtc();
await SUPABASE_CLIENT
.from("waylume_servers")
.update({ "last_heartbeat": now.toIso8601String() })
.eq("id", fromEnivronment("SERVER_ID")!);
print("Heartbeat sent to Supabase at ${now.toIso8601String()}");
// Wait 30 seconds before sending the next heartbeat
await Future.delayed(Duration(seconds: 30));
}
}, null);
}

119
lib/services/wireguard_service.dart Normal file
View File

@@ -0,0 +1,119 @@
import 'dart:convert';
import 'dart:io';
class WireGuardService {
static const String interfaceName = 'wg0';
static const String configPath = '/etc/wireguard/wg0.conf';
static const String serverIP = '10.0.0.1/24';
static const int serverPort = 51820;
static Future<void> initializeServer() async {
try {
// Check if wg0 interface already exists
if (await _interfaceExists()) {
print('WireGuard interface $interfaceName already exists.');
return;
}
print('Initializing WireGuard server interface...');
// Generate server keys if they don't exist
final serverKeys = await _getOrCreateServerKeys();
// Create server config
await _createServerConfig(serverKeys['privateKey']!);
// Bring up the interface
await _bringUpInterface();
print('WireGuard server interface $interfaceName initialized successfully.');
} catch (e) {
throw Exception('Failed to initialize WireGuard server: $e');
}
}
static Future<bool> _interfaceExists() async {
try {
final result = await Process.run('wg', ['show', interfaceName]);
return result.exitCode == 0;
} catch (e) {
return false;
}
}
static Future<Map<String, String>> _getOrCreateServerKeys() async {
try {
// Try to get existing keys from running interface
final pubResult = await Process.run('wg', ['show', interfaceName, 'public-key']);
final privResult = await Process.run('wg', ['show', interfaceName, 'private-key']);
if (pubResult.exitCode == 0 && privResult.exitCode == 0) {
return {
'publicKey': pubResult.stdout.toString().trim(),
'privateKey': privResult.stdout.toString().trim(),
};
}
} catch (e) {
// Keys don't exist, generate new ones
}
// Generate new keys
final privateKeyResult = await Process.run('wg', ['genkey']);
if (privateKeyResult.exitCode != 0) {
throw Exception('Failed to generate private key');
}
final privateKey = privateKeyResult.stdout.toString().trim();
// Generate public key from private key
final pubProcess = await Process.start('wg', ['pubkey']);
pubProcess.stdin.writeln(privateKey);
await pubProcess.stdin.close();
final publicKey = await pubProcess.stdout.transform(utf8.decoder).join();
return {
'privateKey': privateKey,
'publicKey': publicKey.trim(),
};
}
static Future<void> _createServerConfig(String privateKey) async {
final config = '''
[Interface]
PrivateKey = $privateKey
Address = $serverIP
ListenPort = $serverPort
PostUp = iptables -A FORWARD -i $interfaceName -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i $interfaceName -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
''';
// Ensure config directory exists
final configDir = Directory('/etc/wireguard');
if (!await configDir.exists()) {
await configDir.create(recursive: true);
}
// Write config file
final configFile = File(configPath);
await configFile.writeAsString(config);
// Set proper permissions (600)
await Process.run('chmod', ['600', configPath]);
}
static Future<void> _bringUpInterface() async {
// Start WireGuard interface
final result = await Process.run('wg-quick', ['up', interfaceName]);
if (result.exitCode != 0) {
throw Exception('Failed to bring up WireGuard interface: ${result.stderr}');
}
}
static Future<void> stopInterface() async {
try {
await Process.run('wg-quick', ['down', interfaceName]);
} catch (e) {
// Interface might not be running, ignore
}
}
}

165
lib/web/peer_routes.dart Normal file
View File

@@ -0,0 +1,165 @@
import 'dart:convert';
import 'package:shelf/shelf.dart';
import 'package:shelf_router/shelf_router.dart';
import 'package:waylume_server/wireguard/peers.dart';
class PeerRoutes {
Router get router {
final router = Router();
router.post('/peers', _createPeer);
router.delete('/peers/<publicKey>', _deletePeer);
router.get('/peers/<publicKey>/config', _getPeerConfig);
router.put('/peers/<publicKey>/speed-limit', _setSpeedLimit);
router.put('/peers/<publicKey>/data-cap', _setDataCap);
return router;
}
Future<Response> _createPeer(Request request) async {
try {
final peer = await createPeer();
final config = await generateClientConfigForPeer(peer);
return Response.ok(
jsonEncode({
'success': true,
'peer': peer.toJson(),
'config': config,
}),
headers: {'Content-Type': 'application/json'},
);
} catch (e) {
return Response.internalServerError(
body: jsonEncode({
'success': false,
'error': e.toString(),
}),
headers: {'Content-Type': 'application/json'},
);
}
}
Future<Response> _deletePeer(Request request) async {
final publicKey = request.params['publicKey']!;
try {
final success = await deletePeer(publicKey);
return Response.ok(
jsonEncode({
'success': success,
'message': success ? 'Peer deleted successfully' : 'Failed to delete peer',
}),
headers: {'Content-Type': 'application/json'},
);
} catch (e) {
return Response.internalServerError(
body: jsonEncode({
'success': false,
'error': e.toString(),
}),
headers: {'Content-Type': 'application/json'},
);
}
}
Future<Response> _getPeerConfig(Request request) async {
final publicKey = request.params['publicKey']!;
try {
return Response.notFound(
jsonEncode({
'success': false,
'error': 'Config retrieval not implemented - peer info not stored',
}),
headers: {'Content-Type': 'application/json'},
);
} catch (e) {
return Response.internalServerError(
body: jsonEncode({
'success': false,
'error': e.toString(),
}),
headers: {'Content-Type': 'application/json'},
);
}
}
Future<Response> _setSpeedLimit(Request request) async {
final publicKey = request.params['publicKey']!;
try {
final body = await request.readAsString();
final data = jsonDecode(body) as Map<String, dynamic>;
final speedKbps = data['speedKbps'] as int?;
if (speedKbps == null) {
return Response.badRequest(
body: jsonEncode({
'success': false,
'error': 'speedKbps parameter is required',
}),
headers: {'Content-Type': 'application/json'},
);
}
await setSpeedLimit(publicKey, speedKbps);
return Response.ok(
jsonEncode({
'success': true,
'message': 'Speed limit set successfully',
}),
headers: {'Content-Type': 'application/json'},
);
} catch (e) {
return Response.internalServerError(
body: jsonEncode({
'success': false,
'error': e.toString(),
}),
headers: {'Content-Type': 'application/json'},
);
}
}
Future<Response> _setDataCap(Request request) async {
final publicKey = request.params['publicKey']!;
try {
final body = await request.readAsString();
final data = jsonDecode(body) as Map<String, dynamic>;
final dataCapMB = data['dataCapMB'] as int?;
if (dataCapMB == null) {
return Response.badRequest(
body: jsonEncode({
'success': false,
'error': 'dataCapMB parameter is required',
}),
headers: {'Content-Type': 'application/json'},
);
}
await setDataCap(publicKey, dataCapMB);
return Response.ok(
jsonEncode({
'success': true,
'message': 'Data cap set successfully',
}),
headers: {'Content-Type': 'application/json'},
);
} catch (e) {
return Response.internalServerError(
body: jsonEncode({
'success': false,
'error': e.toString(),
}),
headers: {'Content-Type': 'application/json'},
);
}
}
}

40
lib/wireguard/traffic_control.dart Normal file
View File

@@ -0,0 +1,40 @@
import 'dart:io';
class TrafficControlService {
static Future<void> setSpeedLimit(String peerIP, int speedKbps) async {
final mark = _getMarkForIP(peerIP);
await _runIptablesCommand(['-I', 'FORWARD', '-s', peerIP, '-j', 'MARK', '--set-mark', mark.toString()]);
await _runIptablesCommand(['-I', 'FORWARD', '-d', peerIP, '-j', 'MARK', '--set-mark', mark.toString()]);
await _runTcCommand(['class', 'add', 'dev', 'wg0', 'parent', '1:1', 'classid', '1:$mark', 'htb', 'rate', '${speedKbps}kbit', 'ceil', '${speedKbps}kbit']);
await _runTcCommand(['filter', 'add', 'dev', 'wg0', 'protocol', 'ip', 'parent', '1:', 'prio', '1', 'handle', mark.toString(), 'fw', 'flowid', '1:$mark']);
}
static Future<void> setDataCap(String peerIP, int dataCapMB) async {
final quotaBytes = dataCapMB * 1024 * 1024;
await _runIptablesCommand(['-I', 'FORWARD', '-s', peerIP, '-m', 'quota', '--quota', quotaBytes.toString(), '-j', 'ACCEPT']);
await _runIptablesCommand(['-I', 'FORWARD', '-d', peerIP, '-m', 'quota', '--quota', quotaBytes.toString(), '-j', 'ACCEPT']);
await _runIptablesCommand(['-A', 'FORWARD', '-s', peerIP, '-j', 'DROP']);
await _runIptablesCommand(['-A', 'FORWARD', '-d', peerIP, '-j', 'DROP']);
}
static int _getMarkForIP(String ip) {
return ip.split('.').last.hashCode % 65535 + 1;
}
static Future<void> _runIptablesCommand(List<String> args) async {
final result = await Process.run('iptables', args);
if (result.exitCode != 0) {
throw Exception('iptables command failed: ${result.stderr}');
}
}
static Future<void> _runTcCommand(List<String> args) async {
final result = await Process.run('tc', args);
if (result.exitCode != 0) {
throw Exception('tc command failed: ${result.stderr}');
}
}
}